The present invention relates to network analyzers, and more particularly to analyzing wireless networks.
Network assessment tools referred to as xe2x80x9canalyzersxe2x80x9d are often relied upon to analyze networks communications at a plurality of layers. One example of such analyzers is the Sniffer(copyright) device manufactured by Network Associates(copyright), Inc. Analyzers have similar objectives such as determining why network performance is slow, understanding the specifics about excessive traffic, and/or gaining visibility into various parts of the network.
In use, network analyzers often take the form of a program that monitors and analyzes network traffic, detecting bottlenecks and problems. Using this information, a network manager can keep traffic flowing efficiently. A network analyzer can also be used legitimately or illegitimately to capture data being transmitted on a network. For example, a network router reads every packet of data passed to it, determining whether it is intended for a destination within the router""s network or whether it should be passed further along the Internet. A router with a network analyzer, however, may be able to read the data in the packet as well as the source and destination addresses. It should be noted that network analyzers may also analyze data other than network traffic. For example, a database could be analyzed for certain kinds of duplication, etc.
Network analyzers have been used to monitor various types of networks including wireless networks. Wireless communications can be vulnerable to eavesdropping since radio frequency (RF) waves radiate everywhere within a transmitter range, including areas outside of physical buildings. This makes the task of securing a wireless local area network (LAN) difficult. It is also relatively simple to set up additional stations/access points (APs) to intercept/interfere with the normal operations of wireless networks. These rogue devices can compromise the security of these networks.
Various problems exist in physically locating rogue APs. These problems are complicated by the nature of RF waves used in wireless LANs. Table #1 itemizes these various problems.
To date, network analyzers have only been able to identify whether APs exist and whether they are expected or not. Unfortunately, this functionality is limited in terms of locating rogue devices and resolving such situations. There is thus a need for a network analyzer that can not only detect and identify APs, but also overcome the foregoing problems in the realm of wireless networks in order to physically locate rogue devices so that appropriate security actions, authentication, etc. may be carried out.
A system, method and computer program product are provided for ascertaining the location of an access point in a wireless network. Initially, a strength of a radio frequency signal of an access point of a wireless network is monitored at a position utilizing a wireless network analyzer. Next, the wireless network analyzer is moved about the position. The foregoing operations may be repeated to allow the location of the access point to be ascertained based on the monitored strength of the radio frequency signal.
In one embodiment, the wireless network may include an 802.11 wireless network. Further, a list of access points may be defined for the wireless network. As an option, a list of access points with unique identifiers (i.e. MAC addresses) may be tagged as expected/authorized, and any other access points not on this list are considered suspect.
In another embodiment, the wireless network analyzer may be moved to another position. Moreover, the foregoing method of ascertaining the location of the access point may be repeated at the additional position to further refine the process.
In still another embodiment, an administrator or the like may react to the access point upon ascertaining the location thereof. Just by way of example, the access point may be sought out and eliminated, authenticated, etc. As an option, a global positioning system may be used in the course of ascertaining the location of the access point. As a further option, the wireless network analyzer may include a mobile handset.
In still yet another embodiment, the various operations of the present technique may be carried out for ascertaining the location of a plurality of access points. In such embodiment, each of the access points may be differentiated and tracked utilizing an identifier (i.e. MAC address).
As an option, a degree of accuracy may be defined by a user, administrator or in a predetermined manner. As such, a notification may be output upon the location of the access point being ascertained within the defined degree of accuracy. To this end, the present techniques may be repeated until the location of the access point is ascertained with a desired degree of accuracy.
Thus, a system and method of searching out and locating, both inside or outside a physical premises, unexpected or unauthorized access points (i.e. wireless local area network (LAN) stations, etc.) is provided by tracking the radio frequency (RF) signal strengths at various locations. This technique may also be useful in locating other RF devices.